feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add support for custom contentType with CMS SignedData type

Browse Source
This commit is contained in:
Chris Conlon
2018-08-09 14:22:06 -06:00
committed by David Garske
parent bdf07e64cf
commit 70ca95b357
6 changed files with 153 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.am
View File

@ -59,12 +59,14 @@ CLEANFILES+= cert.der \
pkcs7signedData_RSA_SHA_noattr.der \
pkcs7signedData_RSA_SHA224.der \
pkcs7signedData_RSA_SHA256.der \
pkcs7signedData_RSA_SHA256_custom_contentType.der \
pkcs7signedData_RSA_SHA384.der \
pkcs7signedData_RSA_SHA512.der \
pkcs7signedData_ECDSA_SHA.der \
pkcs7signedData_ECDSA_SHA_noattr.der \
pkcs7signedData_ECDSA_SHA224.der \
pkcs7signedData_ECDSA_SHA256.der \
pkcs7signedData_ECDSA_SHA256_custom_contentType.der \
pkcs7signedData_ECDSA_SHA384.der \
pkcs7signedData_ECDSA_SHA512.der

2
wolfcrypt/src/asn.c
View File

@ -1938,7 +1938,7 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz)
* ASN_PARSE_E when length is invalid.
* Otherwise, 0 to indicate success.
*/
static int GetASNObjectId(const byte* input, word32* inOutIdx, int* len,
int GetASNObjectId(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx)
{
word32 idx = *inOutIdx;

93
wolfcrypt/src/pkcs7.c
View File

@ -383,6 +383,8 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
pkcs7->isDynamic = 0;
XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
}
pkcs7->contentTypeSz = 0;
}
@ -1030,19 +1032,22 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
const byte* hashBuf, word32 hashSz, byte* output, word32* outputSz,
byte* output2, word32* output2Sz)
{
const byte outerOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
0x07, 0x02 };
/* id-signedData (1.2.840.113549.1.7.2) */
static const byte outerOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
0x07, 0x02 };
/* default id-data OID (1.2.840.113549.1.7.1), user can override */
const byte innerOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x07, 0x01 };
/* contentType OID (1.2.840.113549.1.9.3) */
const byte contentTypeOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01,
0x09, 0x03 };
const byte contentType[] =
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x07, 0x01 };
/* messageDigest OID (1.2.840.113549.1.9.4) */
const byte messageDigestOid[] =
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x09, 0x04 };
@ -1053,7 +1058,6 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
int digEncAlgoId, digEncAlgoType;
byte* flatSignedAttribs = NULL;
word32 flatSignedAttribsSz = 0;
word32 innerOidSz = sizeof(innerOid);
word32 outerOidSz = sizeof(outerOid);
if (pkcs7 == NULL || pkcs7->contentSz == 0 ||
@ -1065,6 +1069,20 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
}
/* verify the hash size matches */
#ifdef WOLFSSL_SMALL_STACK
esd = (ESD*)XMALLOC(sizeof(ESD), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (esd == NULL)
return MEMORY_E;
#endif
XMEMSET(esd, 0, sizeof(ESD));
/* use default DATA contentType if not set by user */
if (pkcs7->contentTypeSz == 0) {
XMEMCPY(pkcs7->contentType, innerOid, sizeof(innerOid));
pkcs7->contentTypeSz = sizeof(innerOid);
}
esd->hashType = wc_OidGetHash(pkcs7->hashOID);
if (wc_HashGetDigestSize(esd->hashType) != (int)hashSz) {
WOLFSSL_MSG("hashSz did not match hashOID");
@ -1080,8 +1098,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
esd->innerContSeqSz = SetExplicit(0, esd->innerOctetsSz + pkcs7->contentSz,
esd->innerContSeq);
esd->contentInfoSeqSz = SetSequence(pkcs7->contentSz + esd->innerOctetsSz +
innerOidSz + esd->innerContSeqSz,
esd->contentInfoSeq);
pkcs7->contentTypeSz + esd->innerContSeqSz,
esd->contentInfoSeq);
esd->issuerSnSz = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz,
esd->issuerSn, MAX_SN_SZ);
@ -1111,7 +1129,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
/* build up signed attributes */
ret = wc_PKCS7_BuildSignedAttributes(pkcs7, esd,
contentTypeOid, sizeof(contentTypeOid),
contentType, sizeof(contentType),
pkcs7->contentType, pkcs7->contentTypeSz,
messageDigestOid, sizeof(messageDigestOid));
if (ret < 0) {
return MEMORY_E;
@ -1205,8 +1223,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
idx += esd->singleDigAlgoIdSz;
XMEMCPY(output + idx, esd->contentInfoSeq, esd->contentInfoSeqSz);
idx += esd->contentInfoSeqSz;
XMEMCPY(output + idx, innerOid, innerOidSz);
idx += innerOidSz;
XMEMCPY(output + idx, pkcs7->contentType, pkcs7->contentTypeSz);
idx += pkcs7->contentTypeSz;
XMEMCPY(output + idx, esd->innerContSeq, esd->innerContSeqSz);
idx += esd->innerContSeqSz;
XMEMCPY(output + idx, esd->innerOctets, esd->innerOctetsSz);
@ -1928,13 +1946,14 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
word32 hashSz, byte* pkiMsg, word32 pkiMsgSz,
byte* pkiMsg2, word32 pkiMsg2Sz)
{
word32 idx, contentType, hashOID, sigOID, totalSz;
word32 idx, outerContentType, hashOID, sigOID, contentTypeSz, totalSz;
int length, version, ret;
byte* content = NULL;
byte* contentDynamic = NULL;
byte* sig = NULL;
byte* cert = NULL;
byte* signedAttrib = NULL;
byte* contentType = NULL;
int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0;
word32 localIdx, start;
byte degenerate;
@ -1984,10 +2003,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
}
/* Get the contentInfo contentType */
if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
if (wc_GetContentType(pkiMsg, &idx, &outerContentType, pkiMsgSz) < 0)
return ASN_PARSE_E;
if (contentType != SIGNED_DATA) {
if (outerContentType != SIGNED_DATA) {
WOLFSSL_MSG("PKCS#7 input not of type SignedData");
return PKCS7_OID_E;
}
@ -2028,12 +2047,16 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
return ASN_PARSE_E;
/* Get the inner ContentInfo contentType */
if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
return ASN_PARSE_E;
{
word32 localIdx = idx;
if (contentType != DATA) {
WOLFSSL_MSG("PKCS#7 inner input not of type Data");
return PKCS7_OID_E;
if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) != 0)
return ASN_PARSE_E;
contentType = pkiMsg + localIdx;
contentTypeSz = length + (idx - localIdx);
idx += length;
}
/* Check for content info, it could be omitted when degenerate */
@ -2240,6 +2263,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
pkcs7->content = content;
pkcs7->contentSz = contentSz;
/* set contentType and size after init of PKCS7 structure */
if (wc_PKCS7_SetContentType(pkcs7, contentType, contentTypeSz) < 0)
return ASN_PARSE_E;
/* Get the implicit[1] set of crls */
if (pkiMsg2[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) {
idx++;
@ -3532,6 +3559,30 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz)
}
/* Set custom contentType, currently supported with SignedData type
*
* pkcs7 - pointer to initialized PKCS7 structure
* contentType - pointer to array with ASN.1 encoded OID value
* sz - length of contentType array, octets
*
* return 0 on success, negative upon error */
int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz)
{
if (pkcs7 == NULL || contentType == NULL || sz == 0)
return BAD_FUNC_ARG;
if (sz > MAX_OID_SZ) {
WOLFSSL_MSG("input array too large, bounded by MAX_OID_SZ");
return BAD_FUNC_ARG;
}
XMEMCPY(pkcs7->contentType, contentType, sz);
pkcs7->contentTypeSz = sz;
return 0;
}
/* return size of padded data, padded to blockSz chunks, or negative on error */
int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
{

91
wolfcrypt/test/test.c
View File

@ -19298,6 +19298,8 @@ typedef struct {
PKCS7Attrib* signedAttribs;
word32 signedAttribsSz;
const char* outFileName;
byte* contentType;
word32 contentTypeSz;
} pkcs7SignedVector;
@ -19348,6 +19350,11 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
sizeof(senderNonce) }
};
/* for testing custom contentType, FirmwarePkgData */
byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
0x48, 0x86, 0xF7, 0x0D,
0x01, 0x09, 0x10, 0x01, 0x10 };
const pkcs7SignedVector testVectors[] =
{
#ifndef NO_RSA
@ -19355,36 +19362,42 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
/* RSA with SHA */
{data, (word32)sizeof(data), SHAh, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA.der"},
"pkcs7signedData_RSA_SHA.der", NULL, 0},
/* RSA with SHA, no signed attributes */
{data, (word32)sizeof(data), SHAh, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, NULL, 0,
"pkcs7signedData_RSA_SHA_noattr.der"},
"pkcs7signedData_RSA_SHA_noattr.der", NULL, 0},
#endif
#ifdef WOLFSSL_SHA224
/* RSA with SHA224 */
{data, (word32)sizeof(data), SHA224h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA224.der"},
"pkcs7signedData_RSA_SHA224.der", NULL, 0},
#endif
#ifndef NO_SHA256
/* RSA with SHA256 */
{data, (word32)sizeof(data), SHA256h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256.der"},
"pkcs7signedData_RSA_SHA256.der", NULL, 0},
/* RSA with SHA256 and custom contentType */
{data, (word32)sizeof(data), SHA256h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256_custom_contentType.der", customContentType,
sizeof(customContentType)},
#endif
#if defined(WOLFSSL_SHA384)
/* RSA with SHA384 */
{data, (word32)sizeof(data), SHA384h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA384.der"},
"pkcs7signedData_RSA_SHA384.der", NULL, 0},
#endif
#if defined(WOLFSSL_SHA512)
/* RSA with SHA512 */
{data, (word32)sizeof(data), SHA512h, RSAk, rsaPrivKey, rsaPrivKeySz,
rsaCert, rsaCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA512.der"},
"pkcs7signedData_RSA_SHA512.der", NULL, 0},
#endif
#endif /* NO_RSA */
@ -19393,36 +19406,42 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
/* ECDSA with SHA */
{data, (word32)sizeof(data), SHAh, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA.der"},
"pkcs7signedData_ECDSA_SHA.der", NULL, 0},
/* ECDSA with SHA, no signed attributes */
{data, (word32)sizeof(data), SHAh, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, NULL, 0,
"pkcs7signedData_ECDSA_SHA_noattr.der"},
"pkcs7signedData_ECDSA_SHA_noattr.der", NULL, 0},
#endif
#ifdef WOLFSSL_SHA224
/* ECDSA with SHA224 */
{data, (word32)sizeof(data), SHA224h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA224.der"},
"pkcs7signedData_ECDSA_SHA224.der", NULL, 0},
#endif
#ifndef NO_SHA256
/* ECDSA with SHA256 */
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA256.der"},
"pkcs7signedData_ECDSA_SHA256.der", NULL, 0},
/* ECDSA with SHA256 and custom contentType */
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA256_custom_contentType.der",
customContentType, sizeof(customContentType)},
#endif
#ifdef WOLFSSL_SHA384
/* ECDSA with SHA384 */
{data, (word32)sizeof(data), SHA384h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA384.der"},
"pkcs7signedData_ECDSA_SHA384.der", NULL, 0},
#endif
#ifdef WOLFSSL_SHA512
/* ECDSA with SHA512 */
{data, (word32)sizeof(data), SHA512h, ECDSAk, eccPrivKey, eccPrivKeySz,
eccCert, eccCertSz, attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA512.der"},
"pkcs7signedData_ECDSA_SHA512.der", NULL, 0},
#endif
#endif /* HAVE_ECC */
};
@ -19476,6 +19495,17 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
pkcs7->signedAttribs = testVectors[i].signedAttribs;
pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
/* optional custom contentType, default is DATA */
if (testVectors[i].contentType != NULL) {
ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType,
testVectors[i].contentTypeSz);
if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9411;
}
}
/* generate senderNonce */
{
senderNonce[0] = 0x04;
@ -19485,7 +19515,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9411;
return -9412;
}
}
@ -19508,7 +19538,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9412;
return -9413;
}
wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
wc_ShaFinal(&sha, digest);
@ -19518,7 +19548,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (ret != 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9413;
return -9414;
}
wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
wc_Sha256Final(&sha, digest);
@ -19534,7 +19564,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (encodedSz < 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9414;
return -9415;
}
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
@ -19543,14 +19573,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (!file) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9415;
return -9416;
}
ret = (int)fwrite(out, 1, encodedSz, file);
fclose(file);
if (ret != (int)encodedSz) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9416;
return -9417;
}
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
@ -19558,20 +19588,31 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
if (pkcs7 == NULL)
return -9410;
return -9418;
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
if (ret < 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9417;
return -9419;
}
/* verify contentType extracted successfully for custom content types */
if (testVectors[i].contentTypeSz > 0) {
if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
return -9420;
} else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
pkcs7->contentTypeSz) != 0) {
return -9421;
}
}
if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9418;
return -9422;
}
{
@ -19590,13 +19631,13 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9419;
return -9423;
}
if (bufSz > (int)sizeof(buf)) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9420;
return -9424;
}
bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
@ -19605,7 +19646,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
(testVectors[i].signedAttribs == NULL && bufSz > 0)) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9421;
return -9425;
}
}
@ -19614,7 +19655,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
if (!file) {
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_PKCS7_Free(pkcs7);
return -9422;
return -9426;
}
ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
fclose(file);

11
wolfssl/wolfcrypt/asn.h
View File

@ -276,7 +276,7 @@ enum Misc_ASN {
#endif
/* Max total extensions, id + len + others */
#endif
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
MAX_OID_SZ = 32, /* Max DER length of OID*/
MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
#endif
@ -285,7 +285,8 @@ enum Misc_ASN {
MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */
MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) +
CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage
(SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + (6 * (SEQ + OID))) */
(SEQ/LEN + OBJID + OCTSTR/LEN + SEQ +
(6 * (SEQ + OID))) */
MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
#endif
@ -303,8 +304,8 @@ enum Misc_ASN {
#endif
TRAILING_ZERO = 1, /* Used for size of zero pad */
MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */
#endif
@ -1012,6 +1013,8 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz,
word16* out, word32* outSz);
#endif
WOLFSSL_LOCAL int GetASNObjectId(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
word32 oidType, word32 maxIdx);
WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,

5
wolfssl/wolfcrypt/pkcs7.h
View File

@ -147,6 +147,9 @@ typedef struct PKCS7 {
word16 isDynamic:1;
word16 noDegenerate:1; /* allow degenerate case in verify function */
byte contentType[MAX_OID_SZ]; /* custom contentType byte array */
word32 contentTypeSz; /* size of contentType, bytes */
/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
} PKCS7;
@ -177,6 +180,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
word32 pkiMsgSz, byte* output,
word32 outputSz);
WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType,
word32 sz);
WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
word32 blockSz);